Windows 2003 Domain login

Daniel,

The workstation will query DNS to find the server that it should log into.
This will be the server associated with the site to which its subnet belongs.
After that it will go down the list in DNS to find the next DC in the list
starting with default-first-site.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.


"Daniel" wrote:

> If in my network I have 2 DCs in 1 domain, which DC would the user log in to?
>
> Daniel
 
I have 2 servers with DNS installed and both are in the same site. Both are
default first site.

Daniel

 
Daniel,

In that case, look at the DC records in DNS. It will try them in order.
If the first is busy, it will go to the second. Since they are in the same
site, it really shouldn't matter which one they are logging in to -- unless
you are doing something funky where there is much higher load on the one. In
that case, you can weight the DNS records to ensure that the chosen one is
always tried first.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
Chicago, IL

 
"Ryan Hanisco" <RyanHanisco@discussions.microsoft.com> wrote in message
news:030608DD-233F-4B9A-BC0B-AC8CDFD18BE6@microsoft.com...
> Daniel,
>
> In that case, look at the DC records in DNS. It will try them in order.
> If the first is busy, it will go to the second. Since they are in the same
> site, it really shouldn't matter which one they are logging in to -- unless
> you are doing something funky where there is much higher load on the one. In
> that case, you can weight the DNS records to ensure that the chosen one is
> always tried first.


Both DCs should be GCs (in Sites and Services NTDS properties for the
Server/DC) if you have a single domain forest.

Both should generally be DNS servers too.

And if you have more than one subnet, WINS servers.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
 
Why do I need to have both DCs as GCs if in a single domain forest?

Daniel

 
But if both DNS server records are in a different order, which one will the
client log in to first? Thanks

Daniel

 
"Daniel" <danieltbt05@gmail.com> wrote in message
news:%23vOt9WrvHHA.1168@TK2MSFTNGP02.phx.gbl...
> Why do I need to have both DCs as GCs if in a single domain forest?


The question is really best the other way around: You want to make
sure there is always a GC available, and with a single forest there is
NO DISADVANTAGE to having every DC a GC.

So, since GCs are good and they are "free" in a single domain forest,
make every DC a GC.

Also, in small multi-domain forests usually.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)


 
"Daniel" <danieltbt05@gmail.com> wrote in message
news:%23G3KCZrvHHA.5036@TK2MSFTNGP03.phx.gbl...
> But if both DNS server records are in a different order, which one will the
> client log in to first? Thanks


Usually Round Robin DNS is enabled (Server -> Properties -> Advanced)
so it is random, pseudo-load balanced.


--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

 
But even in a multi-domain forest, there should be more than one GC in each
domain, true?

Daniel

 
"Daniel" <danieltbt05@gmail.com> wrote in message
news:OaWak62vHHA.2288@TK2MSFTNGP05.phx.gbl...
> But even in a multi-domain forest, there should be more than one GC in each
> domain, true?


Yes, generally true. Minimum number of GCs should be 1 Per Site,
but for fault tolerance 2 per site, and more, i.e., enough, for performance
issues.

With small and single domain forests you can just make all DCs GCs
and have them as fault tolerant and capable as the DCs.

GCs replicate SOME portion of every object forest wide, but since
in a single domain forest every DC has everything already it adds
nothing significant to the replication. Same as long as the forest is
small, but as the forest grows the amount of cross-domain info on
each GC which has to replicate increases to the point that it becomes
burdensome.

If you have an asymmetric forest with a LARGE domain and one or
more small ones you typically TRY to take the GCs first from the
largest domain(s), since only the small domain objects need to be
additionally replicated to the GCs.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

 
So you mean that the client will log on to whichever DC is online and
whichever DNS A records that in order?

Daniel


 
"Daniel" <danieltbt04@yahoo.com> wrote in message
news:epVLJi%23vHHA.1164@TK2MSFTNGP02.phx.gbl...
> So you mean that the client will log on to whichever DC is online and


Yes.

> whichever DNS A records that in order?


Maybe the order of the SRV records (clients find DCs by first
using SRV records) but generally the records are rotated due
to ROUND ROBIN.

In Round Robin each record is "rotated" by the DNS server so
that the order of returning them to clients is different for each
request and therefore offers loose load balancing.

Clients request first the SRV records for the needed service (Kerberos
for authentication) in the SAME SITE as the client, then will try others
anywhere in the domain if necessary.

It is also possible that "Subnet Prioritization" and "Netmask Ordering"
will encourage a client to use the CLOSEST (same classic or actual
subnet) first.

This is all designed to make AD authentication as efficient as possible
while keeping the implementation quite simple.

Generally for small domains make each DC a DNS server, and you will
need WINS Server(s) if you have more than one SUBNET.

In some cases a GC is also required (or desired) so with a single domain
forest make every DC a GC.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
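
The lookup order discussed in this thread (SRV records for the client's own site first, then the whole domain, with priority and weight deciding which DC is tried first) can be modelled offline. This is an added example, not part of the original posts: the domain `corp.example`, the host names and the record values are constructed, and the ordering follows the RFC 2782 selection rule as a simplified stand-in for the Windows DC locator.

```python
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

DOMAIN = "corp.example"             # hypothetical domain
SITE = "Default-First-Site-Name"    # both DCs sit in this one site

def srv_names(domain, site):
    """Names queried in order: the client's own site, then the whole domain."""
    return [f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}",
            f"_ldap._tcp.dc._msdcs.{domain}"]

def rfc2782_order(records, rng):
    """Order SRV records per RFC 2782: lowest priority value first,
    weighted random choice among records that share a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Zero-weight records go to the front so they keep a small chance.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

def locate_dc(zone, domain, site, reachable, rng):
    """Return (dc, srv_name) for the first DC that answers, else (None, None)."""
    for name in srv_names(domain, site):
        for rec in rfc2782_order(zone.get(name, []), rng):
            if rec.target in reachable:
                return rec.target, name
    return None, None

def first_choice_share(records, target, trials=10000, seed=1):
    """Fraction of lookups in which `target` is the first DC tried."""
    rng = random.Random(seed)
    hits = sum(rfc2782_order(records, rng)[0].target == target
               for _ in range(trials))
    return hits / trials

# Constructed record sets for two DCs (values chosen for illustration).
DC1, DC2 = "dc1.corp.example", "dc2.corp.example"
EQUAL = [SRV(0, 100, 389, DC1), SRV(0, 100, 389, DC2)]
WEIGHTED = [SRV(0, 100, 389, DC1), SRV(0, 300, 389, DC2)]
PRIORITISED = [SRV(0, 100, 389, DC1), SRV(10, 100, 389, DC2)]
ZONE = {name: EQUAL for name in srv_names(DOMAIN, SITE)}

if __name__ == "__main__":
    print("equal weights, dc1 first :", first_choice_share(EQUAL, DC1))
    print("weight 100 vs 300, dc2   :", first_choice_share(WEIGHTED, DC2))
    print("priority 0 vs 10, dc1    :", first_choice_share(PRIORITISED, DC1))
    print("dc1 offline              :",
          locate_dc(ZONE, DOMAIN, SITE, {DC2}, random.Random(7)))
```

In this model a higher weight only shifts the share of first attempts, while a lower priority value makes one DC the first choice every time it is reachable.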


 